Information Technology

Gartner Glossary

Risk Management

Risk management (also known as operational risk management or integrated risk management) is the management of granular business risks between the security governance layer and the enterprise risk management layer. Risk managers look at more operational and tactical exposures to the business that can be summarized and abstracted to inform enterprise risks. They manage areas such as vendor risk management, audit management, corporate risk and compliance, legal matters that affect risk, and even business continuity risks. This is also the bridge where cyber risks are addressed, using information to and from the security management layer.

Experience Gartner conferences

Master your role, transform your business and tap into an unsurpassed peer network through our world-leading virtual and in-person conferences.

Gartner Webinars

Expert insights and strategies to address your priorities and solve your most pressing challenges.